IT & InfrastructureIntermediate 3 to 4 hours

Linux Server Hardening Checklist

Harden an Ubuntu LTS server against the threats SA-hosted servers actually face.

The Scenario

A SA tech consultancy maintains a fleet of Ubuntu LTS servers (web, application, database) hosted with a local provider. After a competitor was compromised via a default SSH configuration and an exposed admin port, the CTO asks for a hardening checklist that every server must meet before going live.

The Brief

Produce a hardening checklist for Ubuntu Server LTS (24.04). Cover OS, network, application, and operational hardening with specific commands or configuration snippets.

Deliverables

  • An OS hardening section covering: user accounts (no root SSH, sudoers discipline), SSH (key-only, port, MaxAuthTries, allowed users), unattended-upgrades, fail2ban, auditd, and firewall (UFW) rules
  • A network hardening section covering: which ports are open by default and why, internal-only versus public services, IP whitelisting for admin paths, and reverse proxy posture
  • An application hardening section covering: nginx/apache headers, TLS configuration, file permissions, and the principle of running services as non-root
  • A monitoring and operational section covering: log shipping, integrity checks (AIDE), patch cadence, and the runbook for a suspected compromise

Submission Guidance

Hardening checklists are weak when they cite controls without the actual config. Include concrete snippets (sshd_config lines, UFW commands, nginx headers) so a junior engineer can apply them without searching.

Submit Your Work

Your submission is graded against the rubric on the right. If you pass, you get a public Badge URL you can share on LinkedIn. There is no draft save, so work offline first and paste your finished response here.

This appears on your public Badge.

We'll email you the permanent link to your Badge so you never lose it. Not shown publicly.

0/20000 charactersMarkdown supported

One per line or comma separated. Up to 5 links.

Loading security check...

By submitting, you agree your submission text, name, and evaluation will appear on a public Badge URL.